VYPR

Avalanche

by Ivanti

CVEs (113)

  • CVE-2021-42124 | High | Dec 7, 2021
    risk 0.57 | cvss 8.8 | epss 0.03

    An improper access control vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform a session takeover.

  • CVE-2024-38653 | High | Aug 14, 2024
    risk 0.56 | cvss 7.5 | epss 0.92

    XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to read arbitrary files on the server.

  • CVE-2021-30497 | High | Apr 6, 2022
    risk 0.56 | cvss 7.5 | epss 0.97

    Ivanti Avalanche (Premise) 6.3.2 allows remote unauthenticated users to read arbitrary files via Absolute Path Traversal. The imageFilePath parameter processed by the /AvalancheWeb/image endpoint is not verified to be within the scope of the image folder, e.g., the attacker can…

  • CVE-2023-46262 | High | Dec 19, 2023
    risk 0.55 | cvss 7.5 | epss 0.83

    An unauthenticated attacker could send a specifically crafted web request causing a Server-Side Request Forgery (SSRF) in Ivanti Avalanche Remote Control server.

  • CVE-2022-36982 | High | Mar 29, 2023
    risk 0.55 | cvss 7.5 | epss 0.74

    This vulnerability allows remote attackers to read arbitrary files on affected installations of Ivanti Avalanche 6.3.3.101. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within…

  • CVE-2022-44574 | High | Mar 10, 2023
    risk 0.54 | cvss 7.5 | epss 0.65

    An improper authentication vulnerability in Avalanche version 6.3.x and below allows an unauthenticated attacker to modify properties on a specific port.

  • CVE-2024-47011 | High | Oct 8, 2024
    risk 0.53 | cvss 7.5 | epss 0.57

    Path Traversal in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-27977 | High | Apr 19, 2024
    risk 0.53 | cvss 8.1 | epss 0.02

    A Path Traversal vulnerability in the web component of Ivanti Avalanche before 6.4.3 allows a remote authenticated attacker to delete arbitrary files, thereby leading to Denial-of-Service.

  • CVE-2023-28127 | High | May 9, 2023
    risk 0.53 | cvss 7.5 | epss 0.59

    A path traversal vulnerability exists in Avalanche version 6.3.x and below that when exploited could result in possible information disclosure.

  • CVE-2021-42133 | High | Dec 7, 2021
    risk 0.53 | cvss 8.1 | epss 0.03

    An exposed dangerous function vulnerability in Ivanti Avalanche before 6.3.3 allows an attacker with access to the Inforail Service to perform an arbitrary file write.

  • CVE-2024-13179 | High | Jan 14, 2025
    risk 0.52 | cvss 7.3 | epss 0.62

    Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication.

  • CVE-2024-47008 | High | Oct 8, 2024
    risk 0.52 | cvss 7.5 | epss 0.47

    Server-side request forgery in Ivanti Avalanche before version 6.4.5 allows a remote unauthenticated attacker to leak sensitive information.

  • CVE-2024-29848 | High | May 31, 2024
    risk 0.52 | cvss 7.2 | epss 0.64

    An unrestricted file upload vulnerability in the web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as SYSTEM.

  • CVE-2024-13180 | High | Jan 14, 2025
    risk 0.51 | cvss 7.5 | epss 0.28

    Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011.

  • CVE-2024-50320 | High | Nov 12, 2024
    risk 0.51 | cvss 7.5 | epss 0.31

    An infinite loop in Ivanti Avalanche before 6.4.6 allows a remote unauthenticated attacker to cause a denial of service.

  • CVE-2024-37399 | High | Aug 14, 2024
    risk 0.51 | cvss 7.5 | epss 0.28

    A NULL pointer dereference in WLAvalancheService in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attacker to crash the service, resulting in a DoS.

  • CVE-2023-41726 | High | Nov 3, 2023
    risk 0.51 | cvss 7.8 | epss 0.01

    Ivanti Avalanche Incorrect Default Permissions allows Local Privilege Escalation Vulnerability

  • CVE-2023-41725 | High | Nov 3, 2023
    risk 0.51 | cvss 7.8 | epss 0.01

    Ivanti Avalanche EnterpriseServer Service Unrestricted File Upload Local Privilege Escalation Vulnerability

  • CVE-2022-43555 | High | Nov 3, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    Ivanti Avalanche Printer Device Service Missing Authentication Local Privilege Escalation Vulnerability

  • CVE-2022-43554 | High | Nov 3, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    Ivanti Avalanche Smart Device Service Missing Authentication Local Privilege Escalation Vulnerability
